How to disable SSL Insecure Algorithm
One of your used encryption algorithms has severe security issues.
CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
What are Insecure Cryptographic Algorithms?
Insecure cryptographic algorithms are a vulnerability that impacts how sensitive data is stored and transmitted online. Rather than a single type of vulnerability, it applies to the insecure use of cryptography due to:
- Reliance on poor key storage and management processes
- Using custom encryption protocols that have not been tested extensively
- Using insecure, deprecated, or disallowed cryptographic algorithms
Cryptographic vulnerabilities frequently arise when using the Transport Layer Security (TLS) or the now-deprecated Secure Sockets Layer (SSL) protocols. TLS/SSL use different cipher suites that usually include key exchange, authentication, encryption, and message authentication code (MAC) algorithms to secure the data they transmit. Depending on the algorithms being used, a vulnerability may be present in the process of transferring data, allowing attackers to mount an attack.
A successful attack on a weak cipher can lead to sensitive data, such as authentication, payment, or medical details, and code or intellectual property being exposed and stolen. It could also allow attackers to manipulate or destroy data or take over a whole system and compromise it. Finally, such an attack, as in the below example, can also cause reputational and material damages.
The extent of the damage being done is limited to the type and the value of the data that becomes compromised. For example, in 2011, the PlayStation Network was breached, leading to the details of 77 million accounts being leaked, including the credit card information of about 12 million users. As a result, Sony had to pay $15 million in a settlement.
Attacks such as DROWN, POODLE, BEAST, other kinds of downgrade attacks, renegotiation attacks, and others all make use of vulnerabilities in algorithms.
Choose only cipher suites with robust encryption algorithms. For guides, see Secure TLS Configuration.